Questionnaire on Intrusion Software Export Regulations in Japan (English)
As we understand it, the Japanese Department of Ministry of Economy, Trade and Industry (METI) underwent a consultation process after the Japanese information security community expressed concerns about the Wassenaar Arrangement rules on Intrusion Software. The Japanese government then published a note that sought to narrow their understood application. This note, described and herein referred to as the ‘regulation target,’ reads:

"Regulation target: technologies necessary for designing intrusion program (except for those which are used for ensuring security of information system and for collection, investigation, analysis, countermeasure, protection and prevention of information related to cyber attacks)."

The purpose of this questionnaire is to determine whether METI's changes were effective at ensuring that the Japanese information security community was not unnecessarily hindered by the rules. The product of this research will be an article describing the rule to an international audience and summarizing feedback from the community (identities will be withheld). Our interest is whether the Japanese note would resolve similar concerns in other Wassenaar Arrangement member states.

Please feel free to answer as many or as few questions as you are willing to. Any feedback will be highly valuable.
Briefly, how would you describe yourself and your role in the information security profession?
Do you feel satisfied that the ‘regulation target’ note (described in the introduction) resolves concerns raised by the Japanese information security community about the Intrusion Software control?
If these issues were not fully resolved, what concerns raised by the information security community did the 'regulation target' note and outreach not effectively address?
Do you believe that any activities that your organization or company engages in would fall under the scope of the intrusion software controls as they are implemented in Japan? If so, please briefly describe them.
Do you anticipate applying for licenses, changing normal information security behaviors, altering business practices, or discontinuing certain activities as a result of the Intrusion Software control?
If so, can you elaborate on what these activities are?
Are you aware of members of the information security community or businesses in Japan that have had to change their behaviors or activities as a result of the controls? If so, in what manner?
As you understand the controls and exemptions for Intrusion Software under the Japanese export regulations, do you believe that the transfer outside of Japan of information related to *vulnerabilities and exploits* is now subject to export controls? If so, under what circumstances?
For example, if a Japanese researcher discovers a vulnerability or writes an exploit, do you believe the researcher would be able to transfer relevant data outside of Japan without requesting a license?
If you believe this transfer in the above example would not be controlled, is this determination based on:
Similarly, if a Japanese researcher acquires samples of *malicious intrusion software used by others for fraudulent purposes* and seeks to share them privately with the information security community, do you believe the researcher would be able to transfer relevant data outside of Japan without requesting a license?
If you believe this transfer in the above example would not be controlled, is this determination based on:
As you understand the controls and exemptions for Intrusion Software under the Japanese export regulations, do you believe that the transfer of *penetration testing software* outside of Japan is subject to export controls?
If penetration testing software may require an export license, under what circumstances?
Is there any other information that you would be willing to share on your experiences or concerns with the current Japanese export controls on Intrusion Software?
Thank you for your input. We appreciate your time and expertise!